Page 1 of 1

Possible to filter ICMP types?

Posted: 10 May 2008, 16:12
by pgesystems
Is it possible to filter certain ICMP types as per the following list?

# 0: echo reply
# 3: destination unreachable
# 4: source quench
# 5: redirect
# 8: echo request
# 9: router advertisement
# 10: router solicitation
# 11: time exceeded
# 12: parameter-problem
# 13: timestamp request
# 14: timestamp reply
# 15: information request
# 16: information reply
# 17: address mask request
# 18: address mask reply

Posted: 16 May 2008, 10:29
by chirpy
Not within the csf configuration, but you can add custom iptables commands to /etc/csf/csfpre.sh or csfpost.sh to have them run when csf sets up the iptables rules. At present, if you enable the ICMP block options then it only blocks type 8 (used by ping) as most of the other types normally shouldn't be blocked.